Tag
The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams, commonly known as “pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers.
Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims.
ChatGPT o3 resists shutdown despite explicit instructions, raising fresh concerns over AI safety, alignment, and reinforcement learning behaviors.
A critical XSS vulnerability, CVE-2024-27443, in Zimbra Collaboration Suite’s CalendarInvite feature is actively being exploited, potentially by the…
Cofense Intelligence's May 2025 report exposes how cybercriminals are abusing legitimate Remote Access Tools (RATs) like ConnectWise and Splashtop to deliver malware and steal data. Learn about this growing threat.
A 19-year-old college student faces charges after pleading guilty to cyber extortion targeting PowerSchool, exposing data of 60…
As the crypto market continues to mature, investors are looking for sophisticated financial instruments that allow them to…
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric Equipment: ICONICS Product Suite and Mitsubishi Electric MC Works64 Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information tampering on the target workstation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric Iconics Digital Solutions reports that the following versions of ICONICS Product Suite and Mitsubishi Electric MC Works64 are affected: GENESIS64 AlarmWorX Multimedia (AlarmWorX64 MMX): All Versions Mitsubishi Electric MC Works64 AlarmWorX Multimedia (AlarmWorX64 MMX): All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250 An execution with unnecessary privileges vulnerability in the AlarmWorX64 MMX Pager agent can provide the potential for information tampering. An attacker could make an unau...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon Controllers M241/M251/M258/LMC058 Vulnerability: Externally Controlled Reference to a Resource in Another Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a loss of confidentiality when an unauthenticated attacker manipulates a controller's webserver URL to access resources. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric Modicon Controllers M241: Versions prior to 5.3.12.48 Schneider Electric Modicon Controllers M251: Versions prior to 5.3.12.48 Schneider Electric Modicon Controllers M258: All versions Schneider Electric Modicon Controllers LMC058: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 EXTERNALLY CONTROLLED REFERENCE TO A RESOURCE IN ANOTHER SPHERE CWE-610 CWE-610: Externally Controlled Reference to a Resource in Another...